Unit 4, 24 Mahony Court 
Weston Ck, ACT 2611
Phone: +61 2 6154 5200

1520 Eureka Road, Suite 102
Roseville, CA 95661
Phone: 916.723.1441
Fax: 916.774.1520


Malware Attack

See also


SUBJECT: KISTERS Australia - security and support update


As you are aware, KISTERS is working to recover from the ransomware attack that occurred on the morning of 11 November. Updates on recovery are being routinely posted on

The criminal attackers secured access to the company's data through an orchestrated ransomware attack, encrypted it and threatened to publish the captured data. The corresponding ultimatum has expired. For further information see the press release -

The KISTERS Australia office network infrastructure was manually shutdown as a precaution as soon as knowledge of the attack was available. As a result, we have instituted interim support arrangements and these remain in place:

        Hydstra support -
        WISKI Support -

KISTERS is very confident that there has been no product source code lost as a result of the attack.

The path to recovery includes a total rebuild of our global network infrastructure. As you can imagine there is considerable effort in completing this. KISTERS Australia have commenced the rebuild, beginning with staff computers and have implemented strict air gapped network segmentation rules to ensure computers and devices of pre-attack, interim and rebuild status devices are not mixed.

Our WISKI team is working to validate that source code has not been maliciously affected as a result of the attack. We anticipate that we will have a WISKI 7.4.13 build available at the end of quarter 1 2022.

Our Hydstra team has validated that no source code has been affected by the attack. Our current patch update service has been disabled, this will continue until we are in the position of returning to full automated software build using manufacturer re-supplied Delphi compilers.

We have continued to deliver on support and project activities, in some instances we have also returned to client system remote access.

If you need to contact KISTERS by phone or have any concerns, in the first instance please contact Paul Sheahan - 0409 510 015. We apologise for any inconvenience, we are working to resume normal operations as soon as possible and will continue to keep you informed with regular updates.

Paul Sheahan
General Manager
KISTERS Australia

SUBJECT: KISTERS Australia − security and support update

As per the communique below, KISTERS AG has been subjected to a targeted malware attack. As a measure of caution and as part of our standard procedures we have immediately deactivated access to jointly used IT services at our sites.

With our central services deactivated (including email and telephones), we are implementing interim arrangements for customer support. Please forward support requests to the contact details below:
Hydstra support -
WISKI Support -

If you need to contact KISTERS by phone, in the first instance please contact Paul Sheahan - 0409 510 015

We apologise for any inconvenience, and we are working to resume normal operations as soon as possible.

Paul Sheahan
General Manger
KISTERS Australia

Cyber attack on KISTERS AG

On the night of 10 November 2021 [morning of 11 November 2021 AEST] we became victims of a cyber-attack. According to the level of knowledge so far, despite a strong security system, the attackers have gained access to our computer network through an orchestrated ransomware attack.

Immediately after the discovery of the attack, we involved the German criminal police and the Federal Office for Security in the BSI information technology. In addition, a team of IT forensic experts began to immediately analyse how the attackers were able to enter our network despite extensive, multi-level and best practice security measures. Investigations are still underway.

Currently we have no access to our own system as it has been completely shut down to avoid further damage. Accordingly, we are temporarily not available either via KISTERS e-mail or landline phone, but only through the mobile numbers of our staff.

At present, we can also not make any statements about which data is affected by the attack. "Transparency is the most important thing for us in this situation. We will inform our customers clearly and openly when we know what data it is affected and when we can return to normal business," said Klaus Kisters (KISTERS CEO).

KISTERS IT experts have been working in crisis mode. "Now it's about the first time for us to be quickly reachable on all channels for our customers. We work on that with high pressure", Klaus Kisters continues. "In the next step, we will put everything to be able to work again and gain knowledge so that we, but also other companies, can protect ourselves even better in the future."